Privacy Policy

Effective: February 1, 2026
riskreport360.com

1. Introduction

RiskReport360 ("Company", "we", "our", or "us") provides automated cyber risk assessment services, reporting tools, and related software solutions (the "Services").

This Privacy Policy explains how we collect, use, store, disclose, and protect personal data when you access our website or use our Services.

We operate globally and comply with applicable data protection laws, including but not limited to:

  • GDPR (EU/EEA)
  • UK GDPR
  • Japan's Act on the Protection of Personal Information (APPI)
  • U.S. state privacy laws (where applicable)

2. Scope

This Policy applies to:

  • Website visitors
  • Customers
  • License key holders
  • API users
  • End users receiving reports
  • Authorized agents and resellers
  • OEM or white-label partners and their customers

3. Information We Collect

A. Information You Provide

  • Name
  • Email address
  • Company name
  • Job title
  • Billing information
  • Domain names submitted for assessment
  • Support communications

B. Automatically Collected Information

  • IP address
  • Browser type
  • Device type
  • Log data
  • Cookies and analytics data
  • License key usage activity

C. Domain Assessment Data

When a domain is submitted for analysis, we may collect:

  • Public DNS data
  • WHOIS data
  • SSL certificate metadata
  • Public vulnerability exposure
  • Publicly discoverable subdomains
  • Public technical footprint information

We do not access internal systems, private networks, or non-public content.

4. Lawful Basis for Processing (GDPR)

We process data based on:

  • Contractual necessity
  • Legitimate business interests
  • Legal obligations
  • Consent (where required)

5. How We Use Information

We use information to:

  • Provide cyber risk assessments
  • Generate and deliver reports
  • Issue and validate license keys
  • Process payments
  • Improve Services
  • Provide customer support
  • Prevent fraud or abuse
  • Comply with legal requirements
  • Communicate service updates

We do not sell personal data.

6. Data Sharing

We may share data with:

  • Cloud infrastructure providers
  • Payment processors
  • Email delivery services
  • Analytics providers
  • Fraud prevention services
  • Affiliates and related entities under common control
  • Authorized OEM, white-label, distribution, or reseller partners

All third parties are contractually obligated to safeguard data.

7. International Transfers

Data may be transferred and processed outside your country of residence.

Where required, we use:

  • Standard Contractual Clauses (SCCs)
  • Equivalent safeguards under applicable law

8. Data Retention

We retain personal data:

  • As long as necessary to provide Services
  • As required for legal or accounting obligations
  • For security and audit purposes

Domain scan results may be retained for benchmarking and product improvement in anonymized or aggregated form.

9. Your Rights

Depending on your jurisdiction, you may have rights to:

  • Access your data
  • Correct inaccurate data
  • Delete data
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent

Requests may be submitted to: contact@riskreport360.com

10. Security

We implement reasonable administrative, technical, and physical safeguards, including:

  • Encrypted data transmission (HTTPS/TLS)
  • Access controls
  • Secure cloud infrastructure
  • Limited data access policies

However, no system can be guaranteed 100% secure.

11. Cookies

We use cookies for:

  • Essential functionality
  • Analytics
  • Security monitoring

You may disable cookies via your browser settings.

12. Children

Our Services are not intended for individuals under 18 years of age.

13. Changes to This Policy

We may update this Policy at any time. Updates will be posted on this page with a revised effective date.

14. Contact

Privacy inquiries: contact@riskreport360.com